Detections
Analytics

Item Search

NameAudit NamePluginCategory
Access data sources across domains - Internet ZoneMSCT Windows Server 2025 DC v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Accounts: Limit local account use of blank passwords to console logon only - LimitBlankPasswordUseMSCT Windows Server 2025 DC v1.0.0Windows

IDENTIFICATION AND AUTHENTICATION

Allow indexing of encrypted files - AllowIndexingEncryptedStoresOrItemsMSCT Windows Server 2025 DC v1.0.0Windows

CONFIGURATION MANAGEMENT

Allow only approved domains to use ActiveX controls without prompt - Internet ZoneMSCT Windows Server 2025 DC v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Allow unencrypted traffic - Client - AllowUnencryptedTrafficMSCT Windows Server 2025 DC v1.0.0Windows

ACCESS CONTROL

Allow VBScript to run in Internet Explorer - Internet ZoneMSCT Windows Server 2025 DC v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Audit Account LockoutMSCT Windows Server 2025 DC v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Audit Authentication Policy ChangeMSCT Windows Server 2025 DC v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Audit Credential ValidationMSCT Windows Server 2025 DC v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Audit insecure guest logon - LanmanServer AuditInsecureGuestLogonMSCT Windows Server 2025 DC v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Audit Kerberos Service Ticket OperationsMSCT Windows Server 2025 DC v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Audit Security Group ManagementMSCT Windows Server 2025 DC v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Audit Security System ExtensionMSCT Windows Server 2025 DC v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Audit System IntegrityMSCT Windows Server 2025 DC v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Audit User Account ManagementMSCT Windows Server 2025 DC v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Boot-Start Driver Initialization Policy - DriverLoadPolicyMSCT Windows Server 2025 DC v1.0.0Windows

SYSTEM AND INFORMATION INTEGRITY

Configure Attack Surface Reduction rules - e6db77e5-3df2-4cf1-b95a-636979351e5bMSCT Windows Server 2025 DC v1.0.0Windows

SYSTEM AND INFORMATION INTEGRITY

Configure detection for potentially unwanted applicationsMSCT Windows Server 2025 DC v1.0.0Windows

CONFIGURATION MANAGEMENT

Configure enhanced anti-spoofing - EnhancedAntiSpoofingMSCT Windows Server 2025 DC v1.0.0Windows

CONFIGURATION MANAGEMENT

Configure hash algorithms for certificate logon - KDC PKINITSHA1MSCT Windows Server 2025 DC v1.0.0Windows
Configure hash algorithms for certificate logon - Kerberos PKInitSHA256MSCT Windows Server 2025 DC v1.0.0Windows
Configure Windows Defender SmartScreen - EnableSmartScreenMSCT Windows Server 2025 DC v1.0.0Windows

ACCESS CONTROL

Manage auditing and security logMSCT Windows Server v20H2 DC v1.0.0Windows

ACCESS CONTROL

NetBT NodeType configurationMSCT Windows Server v20H2 DC v1.0.0Windows

CONFIGURATION MANAGEMENT

Network access: Do not allow anonymous enumeration of SAM accountsMSCT Windows Server v20H2 DC v1.0.0Windows

ACCESS CONTROL

Network access: Restrict anonymous access to Named Pipes and SharesMSCT Windows Server v20H2 DC v1.0.0Windows

ACCESS CONTROL

Password must meet complexity requirementsMSCT Windows Server v20H2 DC v1.0.0Windows

IDENTIFICATION AND AUTHENTICATION

Perform volume maintenance tasksMSCT Windows Server v20H2 DC v1.0.0Windows

ACCESS CONTROL

Prevent bypassing SmartScreen Filter warningsMSCT Windows Server v20H2 DC v1.0.0Windows

SYSTEM AND INFORMATION INTEGRITY

Prevent ignoring certificate errorsMSCT Windows Server v20H2 DC v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Remote host allows delegation of non-exportable credentialsMSCT Windows Server v20H2 DC v1.0.0Windows

IDENTIFICATION AND AUTHENTICATION

Run .NET Framework-reliant components not signed with Authenticode - Internet ZoneMSCT Windows Server v20H2 DC v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Run .NET Framework-reliant components signed with Authenticode - Internet ZoneMSCT Windows Server v20H2 DC v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Security Zones: Do not allow users to add/delete sitesMSCT Windows Server v20H2 DC v1.0.0Windows

CONFIGURATION MANAGEMENT

Select cloud protection levelMSCT Windows Server v20H2 DC v1.0.0Windows

SYSTEM AND INFORMATION INTEGRITY

Set client connection encryption levelMSCT Windows Server v20H2 DC v1.0.0Windows

ACCESS CONTROL

Sign-in and lock last interactive user automatically after a restartMSCT Windows Server v20H2 DC v1.0.0Windows

IDENTIFICATION AND AUTHENTICATION

Specify use of ActiveX Installer Service for installation of ActiveX controlsMSCT Windows Server v20H2 DC v1.0.0Windows

CONFIGURATION MANAGEMENT

System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)MSCT Windows Server v20H2 DC v1.0.0Windows

CONFIGURATION MANAGEMENT

Take ownership of files or other objectsMSCT Windows Server v20H2 DC v1.0.0Windows

ACCESS CONTROL

Turn off Crash DetectionMSCT Windows Server v20H2 DC v1.0.0Windows

CONFIGURATION MANAGEMENT

Turn off the Security Settings Check featureMSCT Windows Server v20H2 DC v1.0.0Windows

CONFIGURATION MANAGEMENT

Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of WindowsMSCT Windows Server v20H2 DC v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Turn on Cross-Site Scripting Filter - Internet ZoneMSCT Windows Server v20H2 DC v1.0.0Windows

CONFIGURATION MANAGEMENT

Turn on Enhanced Protected ModeMSCT Windows Server v20H2 DC v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Turn on PowerShell Script Block Logging - EnableScriptBlockLoggingMSCT Windows Server v20H2 DC v1.0.0Windows

ACCESS CONTROL

Turn On Virtualization Based Security - HVCIMATRequiredMSCT Windows Server v20H2 DC v1.0.0Windows

SYSTEM AND INFORMATION INTEGRITY

User Account Control: Behavior of the elevation prompt for administrators in Admin Approval ModeMSCT Windows Server v20H2 DC v1.0.0Windows

ACCESS CONTROL

User Account Control: Only elevate UIAccess applications that are installed in secure locationsMSCT Windows Server v20H2 DC v1.0.0Windows

ACCESS CONTROL

User Account Control: Run all administrators in Admin Approval ModeMSCT Windows Server v20H2 DC v1.0.0Windows

ACCESS CONTROL